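<?php
/**
 * Admin form handler: writes the submitted "modify user" form to the users
 * table and to the details table matching the user's type, then redirects
 * back to the user list.
 *
 * Inputs:  $_SESSION['userIdToModify'], $_SESSION['userType'],
 *          $_SESSION['userName'] and the $_POST fields read below.
 * Outputs: two UPDATE statements, $_SESSION['updateSuccess'] on success,
 *          and a redirect to admin_manageUsers.php.
 *
 * NOTE(review): the only gate visible here is that the two session keys
 * exist. Nothing in this file checks that the caller is a logged-in
 * administrator or that the POST carries an anti-CSRF token. Confirm both
 * are enforced before these session keys can be set, or add the checks here.
 *
 * NOTE(review): ext/mysql (mysql_*) was removed in PHP 7. Moving to mysqli or
 * PDO prepared statements needs a matching change in dbconnection.php, which
 * is not visible from this file, so this handler keeps the existing API and
 * hardens the way each value is placed into the SQL text.
 */

// NOTE(review): this relative path is resolved against the current working
// directory. Verify the directory is not served by the web server and is
// readable only by the PHP user.
session_save_path('../../sessions');
session_start();

// If we didn't come from the form (missing session context, or not a POST),
// send back to the user list. Without the method check a plain GET would
// overwrite the stored values with empty strings.
$isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
if (!isset($_SESSION['userIdToModify']) || !isset($_SESSION['userType']) || !$isPost) {
    header("location:../../admin_manageUsers.php");
    // header() does not stop the script; exit so nothing below can run.
    exit;
}

// Connect to our database (also expected to define the $TABLE_* names used below).
include("../dbconnection.php");

// The id is concatenated into every WHERE clause without quotes, so force it
// to an integer instead of trusting whatever the session holds.
$userId = (int) $_SESSION['userIdToModify'];

// Clean our input
$email = mysql_real_escape_string($_POST['email']);

// Update user table query
$updateUser_query = "UPDATE $TABLE_USERS SET $TABLE_USERS_EMAILADDRESS = '$email' WHERE $TABLE_USERS_USERID = $userId";

// Execute the user update query and remember whether it worked
$userUpdated = mysql_query($updateUser_query);

// Security fix applied in every branch below: mysql_real_escape_string() only
// protects a value that sits inside quotes in the SQL text. The phone and
// blackmark values used to be interpolated unquoted, so they are now quoted
// like the other fields (MySQL converts a quoted number for a numeric column).
$updateDetails_query = "";

// Update the user according to the type that he/she has.
// Loose comparison is kept because the stored type and the constants from
// dbconnection.php may differ in PHP type (string vs. int).
if ($_SESSION['userType'] == $TABLE_USERTYPE_TYPEREGISTERED)
{
    // NOTE(review): the form's 'name' field was escaped here but never
    // written to any column; the unused local has been dropped.

    // Clean input for registered users table
    $address = mysql_real_escape_string($_POST['address']);
    $phoneNumLand = mysql_real_escape_string($_POST['phoneNumLand']);
    $phoneNumCell = mysql_real_escape_string($_POST['phoneNumCell']);
    $occupation = mysql_real_escape_string($_POST['occupation']);
    $employer = mysql_real_escape_string($_POST['employer']);
    $employerAddress = mysql_real_escape_string($_POST['employerAddress']);
    $blackmarks = mysql_real_escape_string($_POST['blackmarks']);

    // Update registered user's details
    $updateDetails_query = "UPDATE $TABLE_REGISTEREDUSER 
    SET $TABLE_REGISTEREDUSER_ADDRESS = '$address', $TABLE_REGISTEREDUSER_PHONELAND = '$phoneNumLand', 
    $TABLE_REGISTEREDUSER_PHONECELL = '$phoneNumCell', $TABLE_REGISTEREDUSER_OCCUPATION = '$occupation', 
    $TABLE_REGISTEREDUSER_EMPLOYER = '$employer', $TABLE_REGISTEREDUSER_EMPLOYERADDRESS = '$employerAddress', 
    $TABLE_REGISTEREDUSER_BLACKMARK = '$blackmarks' WHERE $TABLE_REGISTEREDUSER_USERID = $userId";
}
else if ($_SESSION['userType'] == $TABLE_USERTYPE_TYPEBUSINESS)
{
    // Clean input for business agents table
    $companyName = mysql_real_escape_string($_POST['companyName']);
    $businessCharter = mysql_real_escape_string($_POST['businessCharter']);
    $contactName = mysql_real_escape_string($_POST['contactName']);
    $contactPhoneLand = mysql_real_escape_string($_POST['contactPhoneLand']);

    // Optional phone numbers: a bare SQL NULL when left empty, otherwise a
    // quoted, escaped literal. The quotes are added here because the NULL
    // keyword itself must stay unquoted in the statement.
    $contactPhoneMobile = "NULL";
    if (!empty($_POST['contactPhoneMobile']))
        $contactPhoneMobile = "'" . mysql_real_escape_string($_POST['contactPhoneMobile']) . "'";

    $contactPhoneFax = "NULL";
    if (!empty($_POST['contactPhoneFax']))
        $contactPhoneFax = "'" . mysql_real_escape_string($_POST['contactPhoneFax']) . "'";

    // Optional text fields default to an empty string
    $contactPosition = "";
    if (!empty($_POST['contactPosition']))
        $contactPosition = mysql_real_escape_string($_POST['contactPosition']);

    $contactEmail = mysql_real_escape_string($_POST['contactEmail']);

    $companyAddress = "";
    if (!empty($_POST['companyAddress']))
        $companyAddress = mysql_real_escape_string($_POST['companyAddress']);

    $companyCity = mysql_real_escape_string($_POST['companyCity']);

    $companyState = "";
    if (!empty($_POST['companyState']))
        $companyState = mysql_real_escape_string($_POST['companyState']);

    $companyPostalCode = "";
    if (!empty($_POST['companyPostalCode']))
        $companyPostalCode = mysql_real_escape_string($_POST['companyPostalCode']);

    $companyCountry = mysql_real_escape_string($_POST['companyCountry']);

    $companyEmail = "";
    if (!empty($_POST['companyEmail']))
        $companyEmail = mysql_real_escape_string($_POST['companyEmail']);

    $preferredIndustry = mysql_real_escape_string($_POST['preferredIndustry']);

    // Update business agent's details
    $updateDetails_query = "UPDATE $TABLE_BUSINESSAGENT 
    SET $TABLE_BUSINESSAGENT_COMPANYNAME = '$companyName', 
    $TABLE_BUSINESSAGENT_BUSINESSCHARTER = '$businessCharter', 
    $TABLE_BUSINESSAGENT_CONTACTNAME = '$contactName', 
    $TABLE_BUSINESSAGENT_CONTACTPHONELAND = '$contactPhoneLand', 
    $TABLE_BUSINESSAGENT_CONTACTPHONEMOBILE = $contactPhoneMobile, 
    $TABLE_BUSINESSAGENT_CONTACTPHONEFAX = $contactPhoneFax, 
    $TABLE_BUSINESSAGENT_CONTACTPOSITION = '$contactPosition', 
    $TABLE_BUSINESSAGENT_CONTACTEMAIL = '$contactEmail', 
    $TABLE_BUSINESSAGENT_COMPANYADDRESS = '$companyAddress', 
    $TABLE_BUSINESSAGENT_COMPANYCITY = '$companyCity', 
    $TABLE_BUSINESSAGENT_COMPANYSTATE = '$companyState', 
    $TABLE_BUSINESSAGENT_COMPANYPOSTALCODE = '$companyPostalCode', 
    $TABLE_BUSINESSAGENT_COMPANYCOUNTRY = '$companyCountry', 
    $TABLE_BUSINESSAGENT_COMPANYEMAIL = '$companyEmail', 
    $TABLE_BUSINESSAGENT_PREFERREDINDUSTRY = '$preferredIndustry' 
    WHERE $TABLE_BUSINESSAGENT_USERID = $userId";
}
else if ($_SESSION['userType'] == $TABLE_USERTYPE_TYPEFINANCIAL)
{
    // NOTE(review): as in the registered branch, 'name' is submitted by the
    // form but no column is updated with it.

    // Clean input for financial users table
    $address = mysql_real_escape_string($_POST['address']);
    $phoneNumLand = mysql_real_escape_string($_POST['phoneNumLand']);
    $phoneNumCell = mysql_real_escape_string($_POST['phoneNumCell']);
    $occupation = mysql_real_escape_string($_POST['occupation']);
    $employer = mysql_real_escape_string($_POST['employer']);
    $employerAddress = mysql_real_escape_string($_POST['employerAddress']);
    $blackmarks = mysql_real_escape_string($_POST['blackmarks']);

    // Update financial user's details
    $updateDetails_query = "UPDATE $TABLE_FINANCIALUSER 
    SET $TABLE_FINANCIALUSER_ADDRESS = '$address', $TABLE_FINANCIALUSER_PHONELAND = '$phoneNumLand', 
    $TABLE_FINANCIALUSER_PHONECELL = '$phoneNumCell', $TABLE_FINANCIALUSER_OCCUPATION = '$occupation', 
    $TABLE_FINANCIALUSER_EMPLOYER = '$employer', $TABLE_FINANCIALUSER_EMPLOYERADDRESS = '$employerAddress', 
    $TABLE_FINANCIALUSER_BLACKMARK = '$blackmarks' WHERE $TABLE_FINANCIALUSER_USERID = $userId";
}

// Execute the details update. A user type that matches none of the branches
// has no details statement, so nothing is sent (previously an empty query
// string was passed to mysql_query()).
$detailsUpdated = true;
if ($updateDetails_query !== "")
    $detailsUpdated = mysql_query($updateDetails_query);

// Keep failure details in the server log, not in the page shown to the admin.
if (!$userUpdated || !$detailsUpdated)
    error_log("admin user update failed for user id $userId: " . mysql_error());

// Close the connection
mysql_close();

// Tell the admin the update was successful only if both statements succeeded;
// previously the message was set even when a query had failed.
if ($userUpdated && $detailsUpdated)
    $_SESSION['updateSuccess'] = "User ".$_SESSION['userName']." was updated successfully.";

// Make sure the user ID, type, and username for modification are unset, so
// this handler cannot be replayed against the same user without going
// through the form again.
unset($_SESSION['userIdToModify']);
unset($_SESSION['userType']);
unset($_SESSION['userName']);

// Go back to where we were
header("location:../../admin_manageUsers.php");
exit;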